xref: /freebsd/crypto/openssh/ssh-keysign.8 (revision 761efaa70c2ed8d35722b7bc234a46bf2457f876)
1761efaa7SDag-Erling Smørgrav.\" $OpenBSD: ssh-keysign.8,v 1.8 2006/02/24 20:22:16 jmc Exp $
2545d5ecaSDag-Erling Smørgrav.\"
3545d5ecaSDag-Erling Smørgrav.\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
4545d5ecaSDag-Erling Smørgrav.\"
5545d5ecaSDag-Erling Smørgrav.\" Redistribution and use in source and binary forms, with or without
6545d5ecaSDag-Erling Smørgrav.\" modification, are permitted provided that the following conditions
7545d5ecaSDag-Erling Smørgrav.\" are met:
8545d5ecaSDag-Erling Smørgrav.\" 1. Redistributions of source code must retain the above copyright
9545d5ecaSDag-Erling Smørgrav.\"    notice, this list of conditions and the following disclaimer.
10545d5ecaSDag-Erling Smørgrav.\" 2. Redistributions in binary form must reproduce the above copyright
11545d5ecaSDag-Erling Smørgrav.\"    notice, this list of conditions and the following disclaimer in the
12545d5ecaSDag-Erling Smørgrav.\"    documentation and/or other materials provided with the distribution.
13545d5ecaSDag-Erling Smørgrav.\"
14545d5ecaSDag-Erling Smørgrav.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15545d5ecaSDag-Erling Smørgrav.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16545d5ecaSDag-Erling Smørgrav.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17545d5ecaSDag-Erling Smørgrav.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18545d5ecaSDag-Erling Smørgrav.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19545d5ecaSDag-Erling Smørgrav.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20545d5ecaSDag-Erling Smørgrav.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21545d5ecaSDag-Erling Smørgrav.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22545d5ecaSDag-Erling Smørgrav.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23545d5ecaSDag-Erling Smørgrav.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24545d5ecaSDag-Erling Smørgrav.\"
25545d5ecaSDag-Erling Smørgrav.Dd May 24, 2002
26545d5ecaSDag-Erling Smørgrav.Dt SSH-KEYSIGN 8
27545d5ecaSDag-Erling Smørgrav.Os
28545d5ecaSDag-Erling Smørgrav.Sh NAME
29545d5ecaSDag-Erling Smørgrav.Nm ssh-keysign
30761efaa7SDag-Erling Smørgrav.Nd ssh helper program for host-based authentication
31545d5ecaSDag-Erling Smørgrav.Sh SYNOPSIS
32545d5ecaSDag-Erling Smørgrav.Nm
33545d5ecaSDag-Erling Smørgrav.Sh DESCRIPTION
34545d5ecaSDag-Erling Smørgrav.Nm
35545d5ecaSDag-Erling Smørgravis used by
36545d5ecaSDag-Erling Smørgrav.Xr ssh 1
37545d5ecaSDag-Erling Smørgravto access the local host keys and generate the digital signature
38761efaa7SDag-Erling Smørgravrequired during host-based authentication with SSH protocol version 2.
394b17dab0SDag-Erling Smørgrav.Pp
404b17dab0SDag-Erling Smørgrav.Nm
414b17dab0SDag-Erling Smørgravis disabled by default and can only be enabled in the
42d0c8c0bcSDag-Erling Smørgravglobal client configuration file
434b17dab0SDag-Erling Smørgrav.Pa /etc/ssh/ssh_config
444b17dab0SDag-Erling Smørgravby setting
45d0c8c0bcSDag-Erling Smørgrav.Cm EnableSSHKeysign
464b17dab0SDag-Erling Smørgravto
474b17dab0SDag-Erling Smørgrav.Dq yes .
484b17dab0SDag-Erling Smørgrav.Pp
49545d5ecaSDag-Erling Smørgrav.Nm
50545d5ecaSDag-Erling Smørgravis not intended to be invoked by the user, but from
51545d5ecaSDag-Erling Smørgrav.Xr ssh 1 .
52545d5ecaSDag-Erling SmørgravSee
53545d5ecaSDag-Erling Smørgrav.Xr ssh 1
54545d5ecaSDag-Erling Smørgravand
55545d5ecaSDag-Erling Smørgrav.Xr sshd 8
56761efaa7SDag-Erling Smørgravfor more information about host-based authentication.
57545d5ecaSDag-Erling Smørgrav.Sh FILES
58545d5ecaSDag-Erling Smørgrav.Bl -tag -width Ds
594b17dab0SDag-Erling Smørgrav.It Pa /etc/ssh/ssh_config
604b17dab0SDag-Erling SmørgravControls whether
614b17dab0SDag-Erling Smørgrav.Nm
624b17dab0SDag-Erling Smørgravis enabled.
63545d5ecaSDag-Erling Smørgrav.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
64545d5ecaSDag-Erling SmørgravThese files contain the private parts of the host keys used to
65d0c8c0bcSDag-Erling Smørgravgenerate the digital signature.
66d0c8c0bcSDag-Erling SmørgravThey should be owned by root, readable only by root, and not
67545d5ecaSDag-Erling Smørgravaccessible to others.
68545d5ecaSDag-Erling SmørgravSince they are readable only by root,
69545d5ecaSDag-Erling Smørgrav.Nm
70761efaa7SDag-Erling Smørgravmust be set-uid root if host-based authentication is used.
71545d5ecaSDag-Erling Smørgrav.El
72545d5ecaSDag-Erling Smørgrav.Sh SEE ALSO
73545d5ecaSDag-Erling Smørgrav.Xr ssh 1 ,
74545d5ecaSDag-Erling Smørgrav.Xr ssh-keygen 1 ,
754b17dab0SDag-Erling Smørgrav.Xr ssh_config 5 ,
76545d5ecaSDag-Erling Smørgrav.Xr sshd 8
77545d5ecaSDag-Erling Smørgrav.Sh HISTORY
78545d5ecaSDag-Erling Smørgrav.Nm
79545d5ecaSDag-Erling Smørgravfirst appeared in
80545d5ecaSDag-Erling Smørgrav.Ox 3.2 .
81d95e11bfSDag-Erling Smørgrav.Sh AUTHORS
82d95e11bfSDag-Erling Smørgrav.An Markus Friedl Aq markus@openbsd.org
83